-
Notifications
You must be signed in to change notification settings - Fork 14.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[AIRFLOW-3947] Flash msg for no DAG-level access error #4767
[AIRFLOW-3947] Flash msg for no DAG-level access error #4767
Conversation
@feng-tao PTAL. |
Codecov Report
@@ Coverage Diff @@
## master #4767 +/- ##
==========================================
+ Coverage 74.44% 74.45% +<.01%
==========================================
Files 450 450
Lines 28973 28974 +1
==========================================
+ Hits 21570 21572 +2
+ Misses 7403 7402 -1
Continue to review full report at Codecov.
|
lgtm, thanks @XD-DENG |
airflow/www/decorators.py
Outdated
@@ -120,6 +120,7 @@ def wrapper(self, *args, **kwargs): | |||
dag_id)))): | |||
return f(self, *args, **kwargs) | |||
else: | |||
flash("DAG-level access is denied", "danger") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about the message change to "User can't access {} DAG.".format(dag_id)
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But when I implemented the feature, the user can't even see the DAGs that he doesn't have permissions from the landing page(or can only see the DAG he can access). Is there something changed here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure. Let me update it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know. But based on what I tested/observed now, users can see the DAGs to which that he/she doesn't have permissions.
May you check & confirm from your side as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What I tested was to delete the two "all_dags" permissions from role "User", then log in as "User" role. I can still see all the DAGs (all are the "built-in" example DAGs though).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@feng-tao , updated as advised. PTAL.
I think it's good to have this flash message, no matter if the user can or can not see the DAGs that he/she doesn't have permissions from the landing page (there may be cases that he/she is given a URL like http://localhost:8080/tree?dag_id=<dag_to_check>
while he/she doesn't have access to <dag_to_check>
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I am afk and will merge tomorrow morning . And could you create a jira for that issue and assign it to me?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, will do that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But when I implemented the feature, the user can't even see the DAGs that he doesn't have permissions from the landing page(or can only see the DAG he can access). Is there something changed here?
Created https://issues.apache.org/jira/browse/AIRFLOW-3949 to track the issue discussed above.
It will show and remind user when a user clicks on a DAG that he/she doesn't have can_dag_read or can_dag_edit permissions.
ae1e094
to
f9eff53
Compare
Hi @feng-tao , I updated the flash message contents to It may not be worth changing the test cases for this PR, so I changed the flash msg to " |
thanks |
* [AIRFLOW-3947] Flash msg for no DAG-level access error It will show and remind user when a user clicks on a DAG that he/she doesn't have can_dag_read or can_dag_edit permissions. * Change the flash msg contents
* [AIRFLOW-3947] Flash msg for no DAG-level access error It will show and remind user when a user clicks on a DAG that he/she doesn't have can_dag_read or can_dag_edit permissions. * Change the flash msg contents
* [AIRFLOW-3947] Flash msg for no DAG-level access error It will show and remind user when a user clicks on a DAG that he/she doesn't have can_dag_read or can_dag_edit permissions. * Change the flash msg contents
Jira
Description
In FAB UI, when user clicks a page to which he/she doesn't have access, there will be a "Access is Denied" flash message.
But for the DAG-level access control: when the user clicks a DAG to which he/she doesn't have access, he/she would be redirected to the main page WITHOUT any flash message. This may be confusing to the user.
This PR adds proper flash warning message in the UI for this. Users will see flash message "DAG-level access is denied" when they click on a DAG to which he/she doesn't have "can_dag_view"/"can_dag_edit" permissions.